After I run a scan it says that I have over 80 infected files. How do I get rid of those files after the initial scan? Because I ran it once after I ran it and every time I run it again there is even more. So I just wanted to know how to get rid of those. Thank you so much for your help ahead of time

ROCKNROLLKID

Joined: 23 Sep 2013

Posts: 562

Location: **UNKNOWN**

Posted: Sat Aug 08, 2015 7:10 pm

Make sure you upload those files to virustotal to make sure they are not false positives. You can access the quarantine by going to your ClamWin folder and finding a file called QRecover.exe.

GuitarBob

Joined: 09 Jul 2006

Posts: 4317

Location: USA

Posted: Sun Aug 09, 2015 11:12 pm

ClamWin's default option to treat infected files is to Report Only. You can also set it to Qiuarantine or (Remove--never use Remove in order to prevent removing an important file that is falsely detected). to change the infected file option, go to Configiure ClamWin or Tools, General tab, Infected Files.

Thanks for using ClamWin!

Regards,

Elkie

Joined: 26 Feb 2016

Posts: 1

Posted: Sat Feb 27, 2016 9:20 am

GuitarBob wrote:

ClamWin's default option to treat infected files is to Report Only. You can also set it to Qiuarantine or (Remove--never use Remove in order to prevent removing an important file that is falsely detected). to change the infected file option, Configiure ClamWin or Tools, General tab, Infected Files.

Thanks for using ClamWin!

Regards,

Hi Bob, does Quarantine mean that the file is still on the pc but isn't dangerous any more? Also I have over 122 infected files apparantly which seems like a lot. How do I know which are really infected and which are false positives.

Last edited by Elkie on Sat Dec 24, 2016 11:47 am; edited 4 times in total

GuitarBob

Joined: 09 Jul 2006

Posts: 4317

Location: USA

Posted: Sat Feb 27, 2016 3:38 pm

Quarantined files have been placed in the ClamWin quarantine folder (C:\ProgramData\.clamwin\quarantine). They can do no harm there because an "infected" comment has been placed at the end of the filename so they can't be run/execiuted. You can manually delete them if you want.

122 files is a lot! You either have a massive infection or they are "false positives". If you have that many infected files, you should probably have noticed something wrong with your computer--slow, unwanted popups, unwanted web sites, strange screens, etc. Again, if you have that many, you probably are not a safe surfer and click on just about any links you see and probably visit "bad" web sites as well--good ways to get infected.

I'll bet most of them are not infected and are "false positives." The Clam AV scan engine and virus signatures used by ClamWin gives more false positives than most AV programs, and I suggest that you set ClamWin's infected file option to Notify (not quarantine/remove). You can check a file by uploading it to Virus Total to see what other AVs say about the file. If several other AVs say it is infected, it probably is, so you can then temporarily set ClamWin to Quarantine, scan the file/folder and then let it quarantine the file. Be sure to set it back to notify afterwards.

You can restore false positive files by using the Qrestore program in the ClamWin programs\bin foldler.

Thanks for using ClamWin!

Regards,

ROCKNROLLKID

Joined: 23 Sep 2013

Posts: 562

Location: **UNKNOWN**

Posted: Sun Feb 28, 2016 12:21 am

Sounds like either you haven't updated your database recently or those were the fps that occurred last week and have been sitting in your quarantine ever since. You can upload some of those files to virustotal to see if they are infectious or not. IF they aren't, I'd assume that these were the fps that occurred last week and you should update you database and restore those files. If they do happen to be infectious, I would recommmend you grab a copy of Malwarebytes free edition and do a scan of your PC to make sure they are no left overs.

Pablo I. Scaletta

Joined: 01 Apr 2016

Posts: 5

Location: Argentina

Posted: Fri Apr 01, 2016 12:56 am

GuitarBob wrote:

ClamWin's default option to treat infected files is to Report Only. You can also set it to Qiuarantine or (Remove--never use Remove in order to prevent removing an important file that is falsely detected). to change the infected file option, go to Configiure ClamWin or Tools, General tab, Infected Files.

Thanks for using ClamWin!

Regards,

Hello. I hope that this question will not sound silly, but I wish to know the minimum time period after which infected files can be effectively removed from my PC.
Thanks in advance

GuitarBob

Joined: 09 Jul 2006

Posts: 4317

Location: USA

Posted: Fri Apr 01, 2016 4:14 pm

Infected files can be deleted from your computer at any time. You should make sure they are truly infected however--they might be "false positive" detections. Sometimes an AV program can give a false detection. ClamWin gives more false positives than most AVs, and I suggest you upload quarantined files to Virus Total where it will be checked against 50+ AVs, including Clam AV which provides the signatures/scan engine for ClamWin.

Regards,

Pablo I. Scaletta

Joined: 01 Apr 2016

Posts: 5

Location: Argentina

Posted: Fri Apr 01, 2016 4:49 pm

GuitarBob wrote:

Infected files can be deleted from your computer at any time. You should make sure they are truly infected however--they might be "false positive" detections. Sometimes an AV program can give a false detection. ClamWin gives more false positives than most AVs, and I suggest you upload quarantined files to Virus Total where it will be checked against 50+ AVs, including Clam AV which provides the signatures/scan engine for ClamWin.

Regards,

Thank you very much for your advice.

Ensitech

Joined: 12 Apr 2016

Posts: 1

Posted: Tue Apr 12, 2016 7:10 am

GuitarBob wrote:

Infected files can be deleted from your computer at any time. You should make sure they are truly infected however--they might be "false positive" detections. Sometimes an AV program can give a false detection. ClamWin gives more false positives than most AVs, and I suggest you upload quarantined files to Virus Total where it will be checked against 50+ AVs, including Clam AV which provides the signatures/scan engine for ClamWin.

Regards,

Just started using clamwin and getting a lot of detection. I don't normally surf nor click on anything and I use adblocks too. Thought maybe I just needed virus database update but still getting like 76 viruses. Just checked them to virus total though and found about 33 that were not viruses. Is there a quicker or automated way to distinguish the virus from the false positives? For the meantime though, I've rid of all the viruses, so thank you.

Pablo I. Scaletta

Joined: 01 Apr 2016

Posts: 5

Location: Argentina

Posted: Tue Apr 12, 2016 3:29 pm

Ensitech wrote:

GuitarBob wrote:

Infected files can be deleted from your computer at any time. You should make sure they are truly infected however--they might be "false positive" detections. Sometimes an AV program can give a false detection. ClamWin gives more false positives than most AVs, and I suggest you upload quarantined files to Virus Total where it will be checked against 50+ AVs, including Clam AV which provides the signatures/scan engine for ClamWin.

Regards,

Just started using clamwin and getting a lot of detection. I don't normally surf nor click on anything and I use adblocks too. Thought maybe I just needed virus database update but still getting like 76 viruses. Just checked them to virus total though and found about 33 that were not viruses. Is there a quicker or automated way to distinguish the virus from the false positives? For the meantime though, I've rid of all the viruses, so thank you.

I think that ClamWin does not seem to make such clear-cut distinctions, since you are advised by the administrators themselves to send your suspicious files somewhere else for a better diagnosis. It is not a reason to frown upon it, though, since ClamWin got rid of a worm that had not been detected by an antivirus software that I used to have previously.
Regards.

GuitarBob

Joined: 09 Jul 2006

Posts: 4317

Location: USA

Posted: Tue Apr 12, 2016 11:43 pm

Normally you do not get 33 virus detections, so checking 1 or 2 on Virus Total is no big deal. If only 1 or 2 AVs on Virus Total detect something, it is probably a false positive. I like to see at least 2 of these AVs detect something to verify it is infected: Bitdefender, Avira, Eset Nod 32, Kaspersky, and Sophos.

There are lots of ways to verify a false positive but Virus Total is the surest one. Other ways: age of the file, location of the file, size of the file, whether the file is digitally signed or not, developer of the file, and where you got the file from. These are not as sure as Virus Total, but several of them together do a pretty good job of verification. Most infected files are not very old, so a file older than a couple of months may be safe. Most malware is found in System32/SystemWOW64 and user Appdata folders. Most virus files are less than 1 megabyte in size. A file with a valid digital signature may be safe. A file from a known developer may be safe. Files obtained from crack/porn/torrent sites may not be safe. Remember that these are not 100 % signs--that's why I say "may", but they might help you make a decision.

ClamWin (via the Clam AV scan engine/signatures) gives more false positives than other AVs, although they all give a false positive now and then. ClamWin is not a real-time scanner, so you should use it as a backup to one--such as MS Windows Defender, Panda Free, Avira Free or Forticlient Free.

Regards,

Pablo I. Scaletta

Joined: 01 Apr 2016

Posts: 5

Location: Argentina

Posted: Wed Apr 13, 2016 3:28 pm

[quote="Ensitech"]

GuitarBob wrote:

Infected files can be deleted from your computer at any time. You should make sure they are truly infected however--they might be "false positive" detections. Sometimes an AV program can give a false detection. ClamWin gives more false positives than most AVs, and I suggest you upload quarantined files to Virus Total where it will be checked against 50+ AVs, including Clam AV which provides the signatures/scan engine for ClamWin.

Regards,

Wow! That surely is quite a lot of antivirus software for you to check if the file is actually infected.

ROCKNROLLKID

Joined: 23 Sep 2013

Posts: 562

Location: **UNKNOWN**

Posted: Wed Apr 13, 2016 6:28 pm

GuitarBob wrote:

Normally you do not get 33 virus detections.

Why do you assume that? Just a few months ago, my aunt had some really bad infections on her system. I used Malwarebytes to clean it and it found 1084 infections on her system and this is just from normal web browsing. Plus she had kids that always come over and download stuff onto her computer.

Pablo I. Scaletta

Joined: 01 Apr 2016

Posts: 5

Location: Argentina

Posted: Thu Apr 14, 2016 3:59 am

Geez, that's puzzling. How can viruses enter her computer if she does not enter suspicious sites?